Malware Detection in Smartphones Using Static Detection and Evaluation Model Based on Analytic Hierarchy Process
Author affiliations: National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, P. R. China; National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, P. R. China
Publication: China Communications (中国通信, English edition)
Year/Volume/Issue: 2012, Vol. 9, No. 12
Pages: 144-152
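Subject classification: 12 [Management]; 1201 [Management - Management Science and Engineering (degrees in Management or Engineering may be conferred)]; 07 [Science]; 08 [Engineering]; 070105 [Science - Operations Research and Cybernetics]; 0835 [Engineering - Software Engineering]; 0701 [Science - Mathematics]; 081202 [Engineering - Computer Software and Theory]; 0812 [Engineering - Computer Science and Technology (degrees in Engineering or Science may be conferred)]
Funding: supported by Major National Science and Technology Projects (No. 3) under Grant No. 2012ZX03002012
Keywords: smartphone; malware; analytic hierarchy process; static detection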
Abstract: Mobile malware is rapidly increasing and its detection has become a critical issue. In this study, we summarize the common characteristics of this malicious software on the Android platform. We design a detection engine consisting of six parts: decompile, grammar parsing, control flow and data flow analysis, safety analysis, and comprehensive evaluation. In the comprehensive evaluation, we obtain a weight vector of 29 evaluation indexes using the analytic hierarchy process. During this process, the detection engine exports a list of suspicious APIs. On the basis of this list, the evaluation part of the engine performs a comprehensive evaluation of the hazard assessment of the software sample. Finally, a hazard classification is given for the software. The false positive rate of our approach for detecting malware samples is 4.7% and for normal samples is 7.6%. The experimental results show that the accuracy rate of our approach is almost similar to that of the method based on virus signatures. Compared with the method based on virus signatures, our approach performs well in detecting unknown malware. This approach is promising for the application of malware detection.